We're sending logs from FortiGates, AD (log ins, DNS, DHCP) and from our
antivirus/mail product. It doesn't seem right to limit the logs, as we
might not send the relevant logs... also we could switch from the
current AV/mail products to FortiNet pro...